Onboarding Amazon IAM Identity Center SAML with Hive

A guide to setting up an Amazon IAM Identity Center SAML 2.0 application to integrate SSO with Hive

Thank you for choosing Hive. This guide explains how to set up a Security Assertion Markup Language 2.0 (SAML 2.0) application on Amazon IAM Identity Center to provide your employees with Single Sign-On (SSO) capabilities for Hive. This is intended for employees with admin-level permissions on your company's Amazon IAM Identity Center organization tasked with managing employees' access to Hive.

Creating the Amazon IAM Identity Center Application

To get started setting up a SAML integration on Amazon IAM Identity Center with Hive:

  1. Log in to the AWS console.

  2. Type IAM Identity Center into the AWS console search bar.

  3. Click Enable.

    1. There are two types of IAM Identity Center instances: 1) Organization Instances and 2) Account Instances. If you have the option of picking one type, make sure to select Organization Instance.
    2. Depending on your AWS account, you may not see this option. Please refer to this official AWS guide to make sure an Organization Instance of IAM Identity Center is created.
  4. On the left sidebar under Application assignments, click Applications.


  5. On the top right corner of the screen, click Add application.


  6. Select I have an application I want to set up. The window should expand, allowing you to pick an Application type. Select SAML 2.0 and click Next.


  7. You should be redirected to a Configure Application screen. Here, you can adjust multiple attributes of the new application. Feel free to configure and change settings according to your needs. The attributes you are required to set for successful integration with Hive are listed below:

    1. All required attributes are listed under the Application metadata section. Make sure Manually type your metadata values is selected.

      1. Application ACS URL
        Please input https://portal-customer-api.thehive.ai/sso/saml/acs.

      2. Application SAML Audience
        Please input hive.


  8. Click Submit.

This completes the setup needed on Amazon IAM Identity Center for integration with Hive. However, Hive requires some additional information before SSO is fully configured.

Completing Integration with Hive

The SAML metadata file URL is the last piece of information needed by Hive to complete SSO integration. Here are the steps to find this:

  1. On the IAM Identity Center home screen, navigate to the Applications tab. Under the Customer managed tab, find and click on your newly created application.


  2. Under the Actions dropdown menu, click Edit configuration.

  3. Under the IAM Identity Center metadata section, locate the following line: IAM Identity Center SAML metadata file. Use the adjacent button to copy the link to your clipboard.


Once you have found the Metadata URL:

  • If you do not have Self Serve SSO enabled, please send the Metadata URL value to your Hive representative. Shortly afterward, SSO with Hive will be fully set up. If you would also like to enable Self Serve SSO to further simplify integration with Hive in the future, please follow the instructions on the Enabling Self Serve SSO document to get started.
  • If you do have Self Serve SSO enabled, please follow the instructions below.
  1. Using any program that can make HTTP GET requests, send an HTTP GET request to the Metadata URL value to view the XML Metadata document. You will need to inspect the contents of the XML document for the following steps. More detailed instructions below explain how to accomplish this step using a normal web browser or Postman.

    1. Using a Browser

      1. Open up a new tab in your preferred web browser. Input your Metadata URL into the URL search bar and hit enter.

      2. Some links entered into the browser will open up the XML document in the browser itself. If this is the case for you, you can immediately skip to step 2. Otherwise, please continue with sub-step 3 below.

      3. Other links entered into the browser will prompt the browser to download the XML document instead. You may see the following pop-up:

        Click Allow to download the file to your computer. Alternatively, you may see a download screen pop up directly:


    2. Using Postman

      1. Enter your Metadata URL into the URL text field and click Send.

      2. The XML document should appear in the response body.


  2. Next, we will inspect the XML document to find the Entity ID. This can be found as an attribute in the <md:EntityDescriptor> tag. Look for the value following "entityID" (not to be confused with "ID", which also appears sometimes).


  3. Navigate to the Manage SSO tab on your Hive organization dashboard.

  4. Click the Add button next to the Manage SAML Integration header.


  5. A pop-up window should appear. Enter the following values.

    • For Identity Provider, select Amazon IAM.

    • For Issuer, please enter the entityID found above in step 2.

    • For Metadata, please copy and paste the entire XML Document contents from step 1 into the text box.

    • For Audience, please enter the Application SAML Audience that you entered when creating the application. If you followed this guide above, then this should simply be hive.


  6. Click Add. SSO with Hive via SAML should now be fully set up.
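Steps 1 and 2 above (fetching the metadata document and reading the entityID rather than the ID attribute) can also be scripted. The following is an added example, not code from Hive or AWS: the function names, the sample document and its example.invalid values are constructed for illustration, and the HTTPS-only and no-DTD checks are precautions assumed here rather than requirements stated in this guide.

```python
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata (placeholder values, not a real IdP document).
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    ID="_constructed-0001"
    entityID="https://idp.example.invalid/saml/metadata/EXAMPLE">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.invalid/saml/assertion/EXAMPLE"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def fetch_metadata(url: str) -> str:
    """Step 1: HTTP GET the metadata URL (HTTPS only) and return the XML text."""
    if urlparse(url).scheme != "https":
        raise ValueError("metadata URL must use https")
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def extract_issuer(metadata_xml: str) -> str:
    """Step 2: return the root element's entityID (the Hive 'Issuer' value)."""
    # Refuse DTDs: pasted metadata has no need for entity declarations.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element: {root.tag}")
    # Attribute names are case-sensitive: 'entityID' is the issuer,
    # 'ID' is only the document's XML identifier.
    entity_id = root.attrib.get("entityID", "").strip()
    if not entity_id:
        raise ValueError("root EntityDescriptor has no entityID")
    if root.find(f"{{{MD_NS}}}IDPSSODescriptor") is None:
        raise ValueError("not identity-provider metadata")
    return entity_id


if __name__ == "__main__":
    print("Issuer:", extract_issuer(SAMPLE_METADATA))
```

To use it on your own tenant, pass the Metadata URL copied from IAM Identity Center to `fetch_metadata` and feed the result to `extract_issuer`; the same XML text is what goes into the Metadata box.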

Managing Groups

We do not currently support groups for Amazon IAM SSO.